CN116015677A - Network safety protection method and device based on key dynamics characteristics - Google Patents
Network safety protection method and device based on key dynamics characteristics Download PDFInfo
- Publication number
- CN116015677A CN116015677A CN202211635592.5A CN202211635592A CN116015677A CN 116015677 A CN116015677 A CN 116015677A CN 202211635592 A CN202211635592 A CN 202211635592A CN 116015677 A CN116015677 A CN 116015677A
- Authority
- CN
- China
- Prior art keywords
- data
- user
- model
- training
- sample set
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The embodiment of the disclosure provides a network security protection method and device based on key dynamics characteristics. The method comprises the following steps: collecting time stamp data when a user types in a character string; preprocessing the time stamp data to obtain tiled data; performing feature extraction and data division on the tiled data to generate a training sample set; model training is carried out according to the training sample set, and a trained identity authentication model is obtained; and authenticating the identity of the user according to the trained identity authentication model. In this way, the identity of the user can be effectively verified, the fact that even if the user suffers from account password leakage, the invalid user cannot successfully log in the corresponding application by using the right account password, and the tangential benefits of the user and enterprises are effectively protected.
Description
Technical Field
The disclosure relates to the field of information security, in particular to a network security protection method and device based on key dynamics characteristics.
Background
With the rapid development of the Internet and intelligent mobile devices, various websites, systems, apps and other applications are generated, so that the daily life of people is greatly facilitated. Meanwhile, in order to ensure the safety of the application and the user identity, most of the applications require the user to use the corresponding function after the user completes the identity authentication.
The traditional user identity authentication method is that an account password set during user registration is stored in a background server of a corresponding application, when a user initiates a login request, the account password filled by the user is compared with the account password stored in the background server during registration, the verification is successful if the comparison is successful, and the verification is failed if the comparison is failed, so that the identity authentication is completed.
And the account passwords and other information are stored in the background server, so that unified management is convenient to a certain extent. While the internet technology is rapidly developed, the network black-producing technology is continuously optimized and matures day by day. The server storing the user account password is easy to be attacked by the network, so that the account password is leaked, and the user can successfully log in the application after the leaked account password is taken by the black product, so that immeasurable losses can be caused to the user and the enterprise.
Disclosure of Invention
The disclosure provides a network security protection method, device, equipment and storage medium based on key dynamics characteristics.
According to a first aspect of the present disclosure, a network security protection method based on key dynamics features is provided. The method comprises the following steps:
collecting time stamp data when a user types in a character string;
preprocessing the time stamp data to obtain tiled data;
performing feature extraction and data division on the tiled data to generate a training sample set;
model training is carried out according to the training sample set, and a trained identity authentication model is obtained;
and authenticating the identity of the user according to the trained identity authentication model.
Aspects and any one of the possible implementations as described above, further providing an implementation, the collecting timestamp data of when the user typed the string includes:
and when the user types each character, pressing and releasing the timestamp corresponding to the character to obtain timestamp data when the user types the character string.
In the aspect and any possible implementation manner described above, there is further provided an implementation manner, preprocessing the timestamp data to obtain tiled data, including:
calculating each group of HL retention delay, IL key delay, PL pressing delay and RL releasing delay when a user types a character string according to the timestamp data;
combining and transposing each group of HL retention delay, IL key delay, PL pressing delay and RL release delay according to rows to obtain a transposed matrix;
and taking out the data in the transposed matrix according to the rows, and sequentially arranging the data into a new row of data to obtain tiled data.
In the aspect and any possible implementation manner described above, there is further provided an implementation manner, where the feature extraction and data division are performed on the tiled data, and generating a training sample set includes:
intercepting data from the tiled data in a mode that the length is l and the sliding window is x;
normalizing the intercepted data to obtain sample data;
taking the user identity type corresponding to each sample data as a sample label;
and carrying out equalization processing on the sample data and the corresponding sample labels thereof, and dividing the sample data to obtain a training sample set, a verification sample set and a test sample set.
In the foregoing aspect and any possible implementation manner, there is further provided an implementation manner, where the training a model according to the training sample set, to obtain a trained identity authentication model, includes:
model training is carried out according to the training sample set and the verification sample set, and a trained identity authentication model is obtained;
inputting a test sample set into the trained identity authentication model, and evaluating the generalization capability of the model;
if the generalization capability reaches the expected value, the training is ended.
Aspects and any possible implementation manner as described above, further provide an implementation manner, where the authenticating the user according to the trained authentication model includes:
collecting user time stamp data to be authenticated, and obtaining sample data according to the time stamp data;
predicting the probability of the user identity type corresponding to each sample data according to the trained identity authentication model;
when the average value of the probabilities of the user identity types corresponding to all the sample data is larger than a preset threshold value, the user is the identity, the identity authentication is successful, and otherwise the identity authentication fails.
Aspects and any one of the possible implementations as described above, further providing an implementation that calculates each set of HL hold, IL-key, PL press and RL release delays when a user types a string from the timestamp data, comprising:
corresponding HL hold, IL inter-key, PL press and RL release delays are calculated from the user typing in the time stamps between every two consecutive characters.
According to a second aspect of the present disclosure, a network security appliance based on key dynamics is provided. The device comprises:
the data acquisition module is used for acquiring time stamp data when a user types in a character string;
the data preprocessing module is used for preprocessing the time stamp data to obtain tiled data;
the data extraction and division module is used for carrying out feature extraction and data division on the tiled data to generate a training sample set;
the model training module is used for carrying out model training according to the training sample set to obtain a trained identity authentication model;
and the identity authentication module is used for authenticating the identity of the user according to the trained identity authentication model.
According to a third aspect of the present disclosure, an electronic device is provided. The electronic device includes: a memory and a processor, the memory having stored thereon a computer program, the processor implementing the method as described above when executing the program.
According to a fourth aspect of the present disclosure, there is provided a computer readable storage medium having stored thereon a computer program which when executed by a processor implements a method as according to the first and/or second aspects of the present disclosure.
It should be understood that what is described in this summary is not intended to limit the critical or essential features of the embodiments of the disclosure nor to limit the scope of the disclosure. Other features of the present disclosure will become apparent from the following description.
Drawings
The above and other features, advantages and aspects of embodiments of the present disclosure will become more apparent by reference to the following detailed description when taken in conjunction with the accompanying drawings. For a better understanding of the present disclosure, and without limiting the disclosure thereto, the same or similar reference numerals denote the same or similar elements, wherein:
FIG. 1 illustrates a network security protection method flow diagram based on key dynamics in accordance with an embodiment of the present disclosure;
FIG. 2 illustrates an exemplary graph of key dynamics for an embodiment of the present disclosure;
FIG. 3 illustrates a network security protection method based on key dynamics in accordance with an embodiment of the present disclosure;
FIG. 4 illustrates a flow chart of data preprocessing of an embodiment of the present disclosure;
FIG. 5 illustrates a feature extraction flow diagram of an embodiment of the present disclosure;
FIG. 6 shows a DNN network model diagram of an embodiment of the present disclosure;
FIG. 7 illustrates a block diagram of a network security appliance based on key dynamics in accordance with an embodiment of the present disclosure;
fig. 8 illustrates a block diagram of an exemplary electronic device capable of implementing embodiments of the present disclosure.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the embodiments of the present disclosure more apparent, the technical solutions of the embodiments of the present disclosure will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present disclosure, and it is apparent that the described embodiments are some embodiments of the present disclosure, but not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments in this disclosure without inventive faculty, are intended to be within the scope of this disclosure.
In addition, the term "and/or" herein is merely an association relationship describing an association object, and means that three relationships may exist, for example, a and/or B may mean: a exists alone, A and B exist together, and B exists alone. In addition, the character "/" herein generally indicates that the front and rear associated objects are an "or" relationship.
In the disclosure, in order to solve the drawbacks existing in the conventional user identity authentication method, a network security protection method based on key dynamics features is provided, and the method includes: collecting time stamp data when a user types in a character string; preprocessing the time stamp data to obtain tiled data; performing feature extraction and data division on the tiled data to generate a training sample set; model training is carried out according to the training sample set, and a trained identity authentication model is obtained; and authenticating the identity of the user according to the trained identity authentication model. On the basis of account password comparison, a layer of authentication for user identity is added, and even if the account password of the user is leaked, whether the user is the user can be identified, so that the information and property safety of the user and enterprises are protected.
Fig. 1 illustrates a flow chart of a network security protection method 100 based on key dynamics in accordance with an embodiment of the present disclosure. As shown in fig. 1:
s110, collecting time stamp data when a user types in a character string.
In some embodiments, the user may be allowed to type in a previously prepared string, such as a string, through a keyboard: the pressing and releasing of each character of abc1234 records the time stamp at that time, thus obtaining a set of data for one user, and the typing of different strings by different users can obtain m sets of time stamp data.
In some embodiments, as shown in fig. 2, a time sequence diagram is shown, which is consumed by sequentially pressing and releasing two keys on a keyboard, wherein HL, IL, PL and RL have the following meanings:
HL retention time delay: the time elapsed between a key press and a release event;
delay between IL bonds: the time elapsed between the release of the key and the next key press;
PL compression delay: i.e. the time elapsed between two consecutive compression events;
RL release delay: i.e. the time elapsed between two consecutive release events.
S120, preprocessing the time stamp data to obtain tiled data.
In some embodiments, as shown in fig. 4, the process of preprocessing the time stamp data includes: and calculating HL, IL, PL, RL according to the acquired time stamp data, aligning the data of HL, IL, PL, RL, merging aligned HL, IL, PL, RL lines, and transposing to obtain a transposed matrix, and taking out the data in the transposed matrix lines to sequentially arrange the data into a new line of data to obtain tiled data.
In some embodiments, HL, IL, PL, RL of each group is combined in rows and transposed. Namely, HL is the 1 st column, IL is the 2 nd column, PL is the 3 rd column, RL is the 4 th column, and the columns are sequentially arranged to form a matrix, and the dimension of the matrix is [ character string length, 4].
In some embodiments, the data in the matrix obtained when the data are combined is fetched by rows and new data are sequentially arranged in a row. I.e. the first row of data in the matrix is the 1 st-4 th data of the new data and the second row of data in the matrix is the 5 th-8 th data of the new data, which are arranged in sequence until each row of data in the matrix is fetched and put into the new data, so that the length of the new data n=4 x the length of the string.
And S130, performing feature extraction and data division on the tiled data to generate a training sample set.
In some embodiments, as shown in fig. 5, feature extraction of tile data includes:
a) Data interception
From the tiled data, the data is intercepted in a manner that the length is l and the sliding window is x. Namely, data 1 is: 1 st- > l data in n data, 2 nd data are: (1+x) - > (x+l) th data among n data, 3 rd data is: the (1+2x) - > (2x+l) th data among the n data is pushed in this way until the nth data is fetched. A total of [ (n-l)/x ] +1 pieces of data can be taken, and a total of m { [ (n-l)/x ] +1 pieces of data can be taken from m sets of time stamp data.
b) Data normalization
Inputting m { [ (n-l)/x ] +1} pieces of data into a standardized model of the z-score, and processing each piece of data into floating point numbers to obtain sample data.
In some embodiments, the user identity type corresponding to each sample data may be used as a sample tag; and carrying out equalization processing on the sample data and the corresponding sample labels thereof, and dividing the sample data to obtain a training sample set, a verification sample set and a test sample set.
In some embodiments, the data partitioning includes:
a) Active user
The user who really owns the account password, namely the user himself. The valid user-generated data samples are positive samples.
b) Invalid user
And the users who steal account passwords of other people in a data leakage mode and the like, namely other people who own the account passwords. The invalid user-generated data samples are negative samples.
c) Sample imbalance handling
There are only 1 valid user per pair of account passwords, but there can be many invalid users, so there is a problem of uneven distribution of one sample. The data volume of the positive samples is enlarged by adopting a copying mode for the positive samples, and the data volume equivalent to the number of the positive samples is selected by adopting a random selection mode for the negative samples, so that the number of the positive samples and the negative samples are balanced.
d) Data partitioning
And dividing all samples consisting of the positive and negative samples into a training set, a verification set and a test set according to the proportion of 7:1:2 by adopting a layered sampling mode. The training set and the verification set are used in the training process of the model and used for training the model, and the testing set is used in the testing process of the model and used for evaluating the generalization capability of the model.
And S140, performing model training according to the training sample set to obtain a trained identity authentication model.
In some embodiments, a DNN neural network as shown in FIG. 6 can be constructed, a training set and a verification set are input into the model, the model is learned and verified, and the model is trained to an optimal state. And simultaneously, different super parameters are tried, a plurality of models are trained, and an optimal model is selected from the models.
In some embodiments, the test set is input into a trained model, the generalization capability of the model is evaluated, if the expected model is reached, the training is finished, the model can be used for production, if the expected model is not reached, reasons need to be analyzed, and the model is optimized by means of adding the data set, modifying the model structure, adjusting super parameters and the like until the generalization capability of the model reaches the expected model.
And S150, authenticating the user according to the trained identity authentication model.
In some embodiments, the time stamp of the collected user input character string may be taken out to obtain a plurality of samples, all sample vectors may be normalized, and all normalized feature vectors may be input into the identity authentication model after the test is completed to the expected identity authentication model, so that the model predicts the probability of the user identity type corresponding to each sample data.
In some embodiments, the average value of the probabilities of the user identity types corresponding to all the sample data may be taken as the prediction probability of the user, where if the probability is greater than the preset threshold value, the user is the user, and if the probability is less than or equal to the preset threshold value, the user is not the user, and the authentication fails.
In some embodiments, the preset threshold may be 0.5.
According to the embodiment of the disclosure, the following technical effects are achieved: the method can effectively verify the identity of the user, ensure that even if the user suffers from account password leakage, the invalid user cannot successfully log in the corresponding application by using the right account password, and effectively protect the vital interests of the user and enterprises.
Fig. 3 illustrates a schematic diagram of a network security protection method based on key dynamics, according to an embodiment of the present disclosure, as shown in fig. 3,
1. recording a user input string: the time stamp of abc1234, each time the user types a character, the time stamp of pressing and bouncing is recorded, and the partial time stamp data is shown in table 1:
2. data preprocessing
The tiling results of HL, IL, PL, RL calculated according to table 1 are shown. Wherein:
the 1 st value, i.e., 1 st hl=timestamp of the character a bouncing-timestamp of the character b pressing, 1659856029132-1659856029100 =32,
the 2 nd value, i.e., the 1 st il=the timestamp of the pressing of character b-the timestamp of the bouncing of character a, 1659856029223-1659856029132 =91,
the 3 rd value, i.e. 1 st pl=timestamp of character b press-timestamp of character a press, 1659856029223-1659856029100 =123
The 4 th value, i.e. 1 st rl=timestamp of character b up-timestamp of character a up, 1659856029286-1659856029132 =154
Sequentially calculating the 5 th to 25 th numerical values of the table, and finally supplementing 0 to the 26 th to 28 th numerical values, wherein the obtained HL, IL, PL, RL data tiling data are shown in the table 2:
3. feature extraction
a) Data interception
Assuming that the cut length is 6 and the sliding window is 1, the partial sample data obtained by cutting from the tile data in table 2 is shown in table 3:
b) Data normalization
All sample data shown in Table 3 were normalized using z-score to obtain normalized data as shown in Table 4:
4. model training and evaluation
And preprocessing and extracting the time stamp information recorded when different users input different character strings, balancing sample processing, dividing the samples, training the model by using a training set and a verification set, and testing the trained model by using a testing set. The precision and recall rate of the model on the test set are all over 95 percent.
5. Identity authentication
And (3) typing the user in the character string again, collecting timestamp information, preprocessing, extracting features, standardizing each intercepted sample, predicting the model, and finally taking the average value of the prediction probabilities of all the samples, wherein the average value is greater than 0.5, so that the user identity authentication is passed.
According to the embodiment of the disclosure, the following technical effects are achieved: the method can effectively verify the identity of the user, ensure that even if the user suffers from account password leakage, the invalid user cannot successfully log in the corresponding application by using the right account password, and effectively protect the vital interests of the user and enterprises.
It should be noted that, for simplicity of description, the foregoing method embodiments are all described as a series of acts, but it should be understood by those skilled in the art that the present disclosure is not limited by the order of acts described, as some steps may be performed in other orders or concurrently in accordance with the present disclosure. Further, those skilled in the art will also appreciate that the embodiments described in the specification are all alternative embodiments, and that the acts and modules referred to are not necessarily required by the present disclosure.
The foregoing is a description of embodiments of the method, and the following further describes embodiments of the present disclosure through examples of apparatus.
Fig. 7 shows a block diagram of a network security appliance 700 based on key dynamics, according to an embodiment of the present disclosure, as shown in fig. 7, the appliance 700 includes:
a data collection module 710 for collecting time stamp data when a user types in a character string;
a data preprocessing module 720, configured to preprocess the timestamp data to obtain tiled data;
the data extraction and division module 730 is configured to perform feature extraction and data division on the tiled data, and generate a training sample set;
the model training module 740 is configured to perform model training according to the training sample set to obtain a trained identity authentication model;
the identity authentication module 750 is configured to authenticate the user according to the trained identity authentication model.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the described modules may refer to corresponding procedures in the foregoing method embodiments, which are not described herein again.
In the technical scheme of the disclosure, the acquisition, storage, application and the like of the related user personal information all conform to the regulations of related laws and regulations, and the public sequence is not violated.
According to embodiments of the present disclosure, the present disclosure also provides an electronic device, a readable storage medium and a computer program product.
Fig. 8 shows a schematic block diagram of an electronic device 800 that may be used to implement embodiments of the present disclosure. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital processing, cellular telephones, smartphones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the disclosure described and/or claimed herein.
The electronic device 800 includes a computing unit 801 that can perform various appropriate actions and processes according to a computer program stored in the ROM802 or a computer program loaded from a storage unit 808 into the RAM 803. In the RAM803, various programs and data required for the operation of the electronic device 800 can also be stored. The computing unit 801, the ROM802, and the RAM803 are connected to each other by a bus 804. An I/O interface 805 is also connected to the bus 804.
Various components in electronic device 800 are connected to I/O interface 805, including: an input unit 806 such as a keyboard, mouse, etc.; an output unit 807 such as various types of displays, speakers, and the like; a storage unit 808, such as a magnetic disk, optical disk, etc.; and a communication unit 809, such as a network card, modem, wireless communication transceiver, or the like. The communication unit 809 allows the electronic device 800 to exchange information/data with other devices through a computer network such as the internet and/or various telecommunication networks.
The computing unit 801 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of computing unit 801 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, etc. The computing unit 801 performs the various methods and processes described above, such as method 100. For example, in some embodiments, the method 100 may be implemented as a computer software program tangibly embodied on a machine-readable medium, such as the storage unit 808. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 800 via the ROM802 and/or the communication unit 809. When a computer program is loaded into RAM803 and executed by computing unit 801, one or more steps of method 100 described above may be performed. Alternatively, in other embodiments, the computing unit 801 may be configured to perform the method 100 by any other suitable means (e.g., by means of firmware).
Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuit systems, field Programmable Gate Arrays (FPGAs), application Specific Integrated Circuits (ASICs), application Specific Standard Products (ASSPs), systems On Chip (SOCs), load programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs, the one or more computer programs may be executed and/or interpreted on a programmable system including at least one programmable processor, which may be a special purpose or general-purpose programmable processor, that may receive data and instructions from, and transmit data and instructions to, a storage system, at least one input device, and at least one output device.
Program code for carrying out methods of the present disclosure may be written in any combination of one or more programming languages. These program code may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus such that the program code, when executed by the processor or controller, causes the functions/operations specified in the flowchart and/or block diagram to be implemented. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. The machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: display means for displaying information to a user; and a keyboard and pointing device (e.g., a mouse or trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic input, speech input, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a background component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such background, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), wide Area Networks (WANs), and the internet.
The computer system may include a client and a server. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server may be a cloud server, a server of a distributed system, or a server incorporating a blockchain.
It should be appreciated that various forms of the flows shown above may be used to reorder, add, or delete steps. For example, the steps recited in the present disclosure may be performed in parallel, sequentially, or in a different order, provided that the desired results of the disclosed aspects are achieved, and are not limited herein.
The above detailed description should not be taken as limiting the scope of the present disclosure. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present disclosure are intended to be included within the scope of the present disclosure.
Claims (10)
1. A network security protection method based on key dynamics features, comprising:
collecting time stamp data when a user types in a character string;
preprocessing the time stamp data to obtain tiled data;
performing feature extraction and data division on the tiled data to generate a training sample set;
model training is carried out according to the training sample set, and a trained identity authentication model is obtained;
and authenticating the identity of the user according to the trained identity authentication model.
2. The method of claim 1, wherein the collecting timestamp data for a user typing a string comprises:
and when the user types each character, pressing and releasing the timestamp corresponding to the character to obtain timestamp data when the user types the character string.
3. The method of claim 2, wherein preprocessing the time stamp data to obtain tiled data comprises:
calculating each group of HL retention delay, IL key delay, PL pressing delay and RL releasing delay when a user types a character string according to the timestamp data;
combining and transposing each group of HL retention delay, IL key delay, PL pressing delay and RL release delay according to rows to obtain a transposed matrix;
and taking out the data in the transposed matrix according to the rows, and sequentially arranging the data into a new row of data to obtain tiled data.
4. The method of claim 3, wherein the performing feature extraction and data partitioning on the tiled data generates a training sample set, comprising:
intercepting data from the tiled data in a mode that the length is l and the sliding window is x;
normalizing the intercepted data to obtain sample data;
taking the user identity type corresponding to each sample data as a sample label;
and carrying out equalization processing on the sample data and the corresponding sample labels thereof, and dividing the sample data to obtain a training sample set, a verification sample set and a test sample set.
5. The method of claim 4, wherein the performing model training according to the training sample set to obtain a trained authentication model comprises:
model training is carried out according to the training sample set and the verification sample set, and a trained identity authentication model is obtained;
inputting a test sample set into the trained identity authentication model, and evaluating the generalization capability of the model;
if the generalization capability reaches the expected value, the training is ended.
6. The method of claim 1, wherein authenticating the user according to the trained authentication model comprises:
collecting user time stamp data to be authenticated, and obtaining sample data according to the time stamp data;
predicting the probability of the user identity type corresponding to each sample data according to the trained identity authentication model;
when the average value of the user identity type probabilities corresponding to all the sample data is larger than a preset threshold, the user is the identity, the identity authentication is successful, and otherwise the identity authentication fails.
7. A method according to claim 3, said calculating each set of HL hold, IL key-to-IL, PL press and RL release delays as a user types a string from the timestamp data, comprising:
corresponding HL hold, IL inter-key, PL press and RL release delays are calculated from the user typing in the time stamps between every two consecutive characters.
8. A key dynamics based network security guard comprising:
the data acquisition module is used for acquiring time stamp data when a user types in a character string;
the data preprocessing module is used for preprocessing the time stamp data to obtain tiled data;
the data extraction and division module is used for carrying out feature extraction and data division on the tiled data to generate a training sample set;
the model training module is used for carrying out model training according to the training sample set to obtain a trained identity authentication model;
and the identity authentication module is used for authenticating the identity of the user according to the trained identity authentication model.
9. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; it is characterized in that the method comprises the steps of,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-7.
10. A non-transitory computer readable storage medium storing computer instructions for causing the computer to perform the method of any one of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211635592.5A CN116015677A (en) | 2022-12-19 | 2022-12-19 | Network safety protection method and device based on key dynamics characteristics |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211635592.5A CN116015677A (en) | 2022-12-19 | 2022-12-19 | Network safety protection method and device based on key dynamics characteristics |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116015677A true CN116015677A (en) | 2023-04-25 |
Family
ID=86036548
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211635592.5A Pending CN116015677A (en) | 2022-12-19 | 2022-12-19 | Network safety protection method and device based on key dynamics characteristics |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116015677A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116545727A (en) * | 2023-05-29 | 2023-08-04 | 泰州市野徐太丰防护用品厂 | Network security protection system applying character interval duration identification |
-
2022
- 2022-12-19 CN CN202211635592.5A patent/CN116015677A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116545727A (en) * | 2023-05-29 | 2023-08-04 | 泰州市野徐太丰防护用品厂 | Network security protection system applying character interval duration identification |
| CN116545727B (en) * | 2023-05-29 | 2023-11-07 | 华苏数联科技有限公司 | Network security protection system applying character interval duration identification |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| WO2021077642A1 (en) | Network space security threat detection method and system based on heterogeneous graph embedding | |
| US10248910B2 (en) | Detection mitigation and remediation of cyberattacks employing an advanced cyber-decision platform | |
| CN104301286B (en) | User log-in authentication method and device | |
| US20200195683A1 (en) | Systems and methods for detecting anomalous behavior within computing sessions | |
| US20200186529A1 (en) | Evaluating security of data access statements | |
| CN106934274B (en) | Weak password detection method, device and system | |
| US11537693B2 (en) | Keyboard and mouse based behavioral biometrics to enhance password-based login authentication using machine learning model | |
| US20150040193A1 (en) | Physical Interaction Style Based User Authentication for Mobile Computing Devices | |
| CN111260220B (en) | Group control equipment identification method and device, electronic equipment and storage medium | |
| EP4120105A1 (en) | Identity authentication method, and method and device for training identity authentication model | |
| CN116015677A (en) | Network safety protection method and device based on key dynamics characteristics | |
| US10511585B1 (en) | Smoothing of discretized values using a transition matrix | |
| CN116561737A (en) | Password validity detection method based on user behavior base line and related equipment thereof | |
| CN111382417B (en) | System and method for identifying fraudulent activity from user equipment using a series of equipment fingerprints | |
| CN109583177B (en) | System and method for identifying new devices during user interaction with banking services | |
| US10356120B1 (en) | Method, apparatus and computer program product for assessing the risk of electronic communications using logon types | |
| US10243976B2 (en) | Information securities resource propagation for attack prevention | |
| CN113010865B (en) | Big data base component safety management method and system of intelligent education platform | |
| Verma et al. | DF 2.0: Designing an automated, privacy preserving, and efficient digital forensic framework | |
| US20230195892A1 (en) | Operation behavior monitoring method and apparatus, electronic device, and storage medium | |
| Zhong et al. | A security log analysis scheme using deep learning algorithm for IDSs in social network | |
| Bond et al. | Touch-based static authentication using a virtual grid | |
| CN115208611A (en) | Identity authentication method, identity authentication device, computer equipment, storage medium and program product | |
| US9172719B2 (en) | Intermediate trust state | |
| CN113034123B (en) | Abnormal resource transfer identification method and device, electronic equipment and readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |